What types of personal data do we handle?

We process personal information to enable us to support the provision of healthcare services to patients, maintain our own accounts and records, promote our services, and to support and manage our employees. We also process personal information about health care professionals that deliver services throughout the NHS.

We also use information to support and monitor the health services commissioned in England to enable the delivery of high quality healthcare. This type of information will usually be provided to NHS England in an aggregate or anonymised form, so that we cannot identify an individual.

The types of personal information we use include:

personal details such as names, addresses, telephone numbers

family details for example next of kin details

education, training, mostly frequently of clinicians such as GPs

employment details, for example for those that work for us either directly or are commissioned by us to provide a service

financial details, where we provide payment for services or access to funds for individual patients

services, for example details of the services access or offered by providers

lifestyle and social circumstances

visual images, personal appearance and behaviour, for example if CCTV images are used as part of building security

details held in the patient’s record, where we hold or manage the patient’s record

responses to surveys, where individuals have responded to surveys about healthcare issues

How will we use information about you?

Your information is used to run and improve the NHS in England. It may be used to:

Check and report on how effective NHS England and the services it commissions has been

Ensure that money is used properly to pay for the services it provides

Investigate complaints, legal claims or important incidents

Make sure that NHS England gives value for money

Make sure services are planned to meet patients’ needs in the future

Review the care given to make sure it is of the highest possible standard

To manage specialised services that NHS England commissions

To improve the efficiency of healthcare services, by sharing information with other organisations (sometimes non-NHS) for a specific, justified purpose and approved by NHS England’s Caldicott Guardian.

We may keep your information in written form or on a computer. Whenever possible all information that identifies you will be removed.

NHAIS: Fair processing notice

NHS England are Data Controllers for the NHAIS system. This system holds personal details of all patients registered with GP in England and Wales. There are also links to similar systems in Scotland, IoM, and Northern Ireland.

The information held in these systems is primarily used for healthcare purposes, but may also be used for other non-healthcare related purposes, and shared with other statutory bodies/organisations to enable them to fulfil their statutory obligations.

The information will only be shared with other organisations where there is a statutory obligation to do so, or with the agreement of NHS England’s Caldicott Guardian.

Sharing your information

There are a number of reasons why we share information. This can be due to:

Our obligations to comply with current legislation

Our duty to comply with a Court Order

You have consented to disclosure

NHS England is responsible for protecting the public funds it manages. To do this we may use the information we hold about you to detect and prevent crime or fraud. We may also share this information with other bodies that inspect and manage public funds.

Security of your information

We take our duty to protect your personal information and confidentiality seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.We have appointed a Senior Information Risk Owner (SIRO) who is accountable for the management of all information assets and any associated risks and incidents, and a ‘Caldicott Guardian’ who is responsible for the management of patient information and patient confidentiality. Deputy SIROs have also been appointed in region teams and local Caldicott Guardians have been appointed in region and area teams.All staff are required to undertake annual information governance training and are provided with an information governance user handbook that they are required to read, understand and agree to adhere to. The handbook ensures that staff are aware of their information governance responsibilities and follow best practice guidelines ensuring the necessary safeguards and appropriate use of person-identifiable and confidential information. Under the NHS Confidentiality Code of Conduct, all our staff are also required to protect your information, and inform you of how your information will be used. This includes, in most circumstances, allowing you to decide if and how your information can be shared.Everyone working for the NHS is subject to the common law duty of confidentiality. Information provided in confidence will only be used for the purposes advised and consented to by the service user, unless it is required or permitted by the law.

Information for job applicants

NHS England will process information provided by applicants for the management of their application and the subsequent selection process. This involves providing details to the short-listing and selection panels. Other details are kept to help fulfil our obligations to monitor equality and diversity within the organisation and in the application process. You can find more information about the use of personal data throughout the application process.

Information will be retained on interview performance and the application in line with the retention periods of NHS England.

For more information about your application and personal data contact the Customer Contact Centre, details are included in this notice.

Applicants to roles with hosted bodies, such as Commissioning Support Units, should contact that organisation directly.